Another Reader vulnerability emerges, according to a Russian security firm

Cyber crooks are thought to be selling a zero-day vulnerability in Adobe Reader X and packaging it up in the most prevalent exploit kit in the world – Blackhole.

Russian firm Group-IB claimed to have confirmed the Adobe Reader flaw earlier this week, and reports have suggested that the flaw is fetching between $30,000 and $50,000 on the black market. As the Blackhole Exploit Kit is being used, some suspect the flaw is being used to serve up banking malware to unsuspecting Internet users.

Blackhole kits are typically thrown up at users from infected websites, in what are known as drive-by download attacks. All it requires is an iFrame to be read by the target’s browser.

Another Adobe flaw

As noted by Group-IB, however, the vulnerability can only be exploited after a user closes and then reopens the browser. The company did not explain why that was the case.

“Another variant is to organise interaction between the victim and the malformed PDF document. Either way, the vulnerability … has [a] very significant vector to be spread with bypassing of internal Adobe X sandbox, which is appealing for cyber crime gangs because in the past there was no documented method of how to bypass it with shellcode execution,” said Andrey Komarov, head of the international projects department at Group-IB.

Adobe said it is now in contact with Group-IB and is hoping to learn more from the Russian firm to determine whether the flaw was genuine.

“We are aware of the announcement from Group IB and have reached out to Group IB for additional information. We are now in communication with Group IB so we can make a determination whether or not this is in fact a vulnerability and a sandbox bypass,” a spokesperson told TechWeekEurope.

“Without additional details, and in particular a sample, there is nothing we can do, unfortunately, beyond continuing to monitor the threat landscape and working with our partners in the security community, as always. We will update you as soon as we have new information and a determination can be made.”

The company has had to deal with various vulnerabilities in its software over recent months, but has received plaudits for its quick response to found flaws.